[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 13 21:31:54 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0e916729 by Salvatore Bonaccorso at 2024-08-13T22:31:30+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,275 +1,275 @@
CVE-2024-7746 (Use of Default Credentials vulnerability in Tananaev Solutions Traccar ...)
TODO: check
CVE-2024-7741 (A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as ...)
- TODO: check
+ NOT-FOR-US: wanglongcn ltcms
CVE-2024-7740 (A vulnerability has been found in wanglongcn ltcms 1.0.20 and classifi ...)
- TODO: check
+ NOT-FOR-US: wanglongcn ltcms
CVE-2024-7739 (A vulnerability, which was classified as problematic, was found in yza ...)
- TODO: check
+ NOT-FOR-US: yzane vscode-markdown-pdf
CVE-2024-7738 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: yzane vscode-markdown-pdf
CVE-2024-7733 (A vulnerability, which was classified as problematic, was found in Fas ...)
- TODO: check
+ NOT-FOR-US: FastCMS
CVE-2024-7593 (Incorrect implementation of an authentication algorithm in Ivanti vTM ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-7570 (Improper certificate validation in Ivanti ITSM on-prem and Neurons for ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-7569 (An information disclosure vulnerability in Ivanti ITSM on-prem and Neu ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2024-7567 (A denial-of-service vulnerability exists via the CIP/Modbus port in th ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-7113 (If exploited, this vulnerability could cause a SuiteLink server to con ...)
- TODO: check
+ NOT-FOR-US: SuiteLink server
CVE-2024-6788 (A remote unauthenticated attacker can use the firmware update feature ...)
TODO: check
CVE-2024-6619 (In Ocean Data Systems Dream Report, an incorrect permission vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Ocean Data Systems Dream Report
CVE-2024-6618 (In Ocean Data Systems Dream Report, a path traversal vulnerability cou ...)
- TODO: check
+ NOT-FOR-US: Ocean Data Systems Dream Report
CVE-2024-6384 ("Hot" backup files may be downloaded by underprivileged users, if they ...)
TODO: check
CVE-2024-6079 (A vulnerability exists in the Rockwell Automation Emulate3D\u2122,whic ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-5849 (An unauthenticated remote attacker may use a reflected XSS vulnerabili ...)
TODO: check
CVE-2024-43165 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43160 (Unrestricted Upload of File with Dangerous Type vulnerability in BerqW ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43153 (Improper Privilege Management vulnerability in WofficeIO Woffice allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43141 (Deserialization of Untrusted Data vulnerability in Roland Barker, xnau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43140 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43138 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43135 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43131 (Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Col ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43129 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43128 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-43121 (Improper Privilege Management vulnerability in realmag777 HUSKY allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-42740 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-42739 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-42738 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-42737 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-42736 (In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi. ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2024-42368 (OpenTelemetry, also known as OTel, is a vendor-neutral open source Obs ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry Collector
CVE-2024-41774 (IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. ...)
NOT-FOR-US: IBM
CVE-2024-41711 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Serie ...)
- TODO: check
+ NOT-FOR-US: Mitel
CVE-2024-41623 (An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 ...)
- TODO: check
+ NOT-FOR-US: D3D Security D3D IP Camera (D8801)
CVE-2024-41614 (symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in th ...)
- TODO: check
+ NOT-FOR-US: Symphony CMS
CVE-2024-41613 (A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allo ...)
- TODO: check
+ NOT-FOR-US: Symphony CMS
CVE-2024-40697 (IBM Common Licensing 9.0 does not require that users should have stron ...)
NOT-FOR-US: IBM
CVE-2024-3913 (An unauthenticated remote attacker can use this vulnerability to chang ...)
TODO: check
CVE-2024-39651 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-39642 (Authorization Bypass Through User-Controlled Key vulnerability in Thim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38787 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38760 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38756 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38752 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38749 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
TODO: check
CVE-2024-38747 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38742 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38724 (Cross-Site Request Forgery (CSRF), Improper Neutralization of Input Du ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38699 (Missing Authorization vulnerability in WP Swings Wallet System for Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38688 (Missing Authorization vulnerability in Igor Beni\u0107 Recipe Maker Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38502 (An unauthenticated remote attacker may use stored XSS vulnerability to ...)
TODO: check
CVE-2024-38501 (An unauthenticated remote attacker may use a HTML injection vulnerabil ...)
TODO: check
CVE-2024-38223 (Windows Initial Machine Configuration Elevation of Privilege Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38215 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38214 (Windows Routing and Remote Access Service (RRAS) Information Disclosur ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38213 (Windows Mark of the Web Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38211 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38201 (Azure Stack Hub Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38199 (Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulner ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38198 (Windows Print Spooler Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38197 (Microsoft Teams for iOS Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38196 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38195 (Azure CycleCloud Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38193 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38191 (Kernel Streaming Service Driver Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38189 (Microsoft Project Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38187 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38186 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38185 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38184 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38180 (Windows SmartScreen Security Feature Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38178 (Scripting Engine Memory Corruption Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38177 (Windows App Installer Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38173 (Microsoft Outlook Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38172 (Microsoft Excel Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38171 (Microsoft PowerPoint Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38170 (Microsoft Excel Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38169 (Microsoft Office Visio Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38168 (.NET and Visual Studio Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38167 (.NET and Visual Studio Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38165 (Windows Compressed Folder Tampering Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38162 (Azure Connected Machine Agent Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38161 (Windows Mobile Broadband Driver Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38160 (Windows Network Virtualization Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38159 (Windows Network Virtualization Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38158 (Azure IoT SDK Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38157 (Azure IoT SDK Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38155 (Security Center Broker Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38154 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38153 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38152 (Windows OLE Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38151 (Windows Kernel Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38150 (Windows DWM Core Library Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38148 (Windows Secure Channel Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38147 (Microsoft DWM Core Library Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38146 (Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38145 (Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38144 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38143 (Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38142 (Windows Secure Kernel Mode Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38141 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38140 (Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38138 (Windows Deployment Services Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38137 (Windows Resource Manager PSM Service Extension Elevation of Privilege ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38136 (Windows Resource Manager PSM Service Extension Elevation of Privilege ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38135 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38134 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38133 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38132 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38131 (Clipboard Virtual Channel Extension Remote Code Execution Vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38130 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38128 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38127 (Windows Hyper-V Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38126 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38125 (Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulne ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38123 (Windows Bluetooth Driver Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38122 (Microsoft Local Security Authority (LSA) Server Information Disclosure ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38121 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38120 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38118 (Microsoft Local Security Authority (LSA) Server Information Disclosure ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38117 (NTFS Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38116 (Windows IP Routing Management Snapin Remote Code Execution Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38115 (Windows IP Routing Management Snapin Remote Code Execution Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38114 (Windows IP Routing Management Snapin Remote Code Execution Vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38109 (An authenticated attacker can exploit an Server-Side Request Forgery ( ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38108 (Azure Stack Hub Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38107 (Windows Power Dependency Coordinator Elevation of Privilege Vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38106 (Windows Kernel Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38098 (Azure Connected Machine Agent Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38084 (Microsoft OfficePlus Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-38063 (Windows TCP/IP Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-37968 (Windows DNS Spoofing Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2024-37935 (Missing Authorization vulnerability in anhvnit Woocommerce OpenPos all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-37287 (A flaw allowing arbitrary code execution was discovered in Kibana. An ...)
TODO: check
CVE-2024-37015 (An issue was discovered in Ada Web Server 20.0. When configured to use ...)
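Review bot: The entry for CVE-2024-42368 is closed as `NOT-FOR-US: OpenTelemetry Collector` even though its own description calls the project "vendor-neutral open source". Unlike the proprietary Ivanti, TOTOLINK and Microsoft entries, this is software that could be packaged, so it is worth confirming that no source package or ITP/RFP bug exists before marking it NFU. For CVE-2024-38109 the visible description ("An authenticated attacker can exploit an Server-Side Request Forgery ( ...") names no product, and the tag gives only the vendor `Microsoft`; naming the affected product, as done for `Ocean Data Systems Dream Report`, would let the tag be checked without opening the CVE record. CVE-2024-38749 stays at `TODO: check` while its neighbours CVE-2024-38756 and CVE-2024-38747, which share the same truncated description, are tagged `WordPress plugin`; if that is deliberate, a short NOTE on the entry would keep the next triage pass from bulk-tagging it.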
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e9167299d7a95627911a9202bc8d574fc17cd0c